My company's proxy server seems to be under attack.. :(

Posted on 2004-12-29 18:17
I'm a newbie and can't quite make sense of this; could the experts here please take a look?

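It is a proxy server running FreeBSD 4.10 + squid + socks5, set up as a non-transparent proxy; squid uses port 3128 and socks5 uses port 1080. Recently I noticed messages appearing on the screen nonstop, one after another without a break. They look like this: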

Dec 29 16:00:01 web Socks5[231]: TCP Connection Request: Connect (82.80.252.229:1238 to 209.40.104.174:25) for
Dec 29 16:00:01 web Socks5[231]: TCP Connection Terminated: Abnormal (82.80.252.229:1238 to 209.40.104.174:25)
Dec 29 16:00:01 web Socks5[244]: TCP Connection Request: Connect (82.80.252.229:1484 to 208.55.77.5:25) for use
Dec 29 16:00:01 web Socks5[244]: TCP Connection Terminated: Abnormal (82.80.252.229:1484 to 208.55.77.5:25) for
Dec 29 16:00:01 web Socks5[282]: Auth Failed: (82.140.23.86:3180)
Dec 29 16:00:03 web Socks5[217]: TCP Connection Request: Connect (82.80.252.174:3183 to 194.25.242.123:25) for
Dec 29 16:00:03 web Socks5[217]: TCP Connection Terminated: Abnormal (82.80.252.174:3183 to 194.25.242.123:25)
Dec 29 16:00:03 web Socks5[271]: TCP Connection Terminated: Normal (192.168.20.3:3201 to 202.197.208.15:21) for
Dec 29 16:00:03 web Socks5[212]: TCP Connection Terminated: Normal (192.168.20.3:3202 to 202.197.208.15:21) for
Dec 29 16:00:03 web Socks5[265]: TCP Connection Terminated: Normal (192.168.20.3:3203 to 202.197.208.15:21) for
Dec 29 16:00:05 web Socks5[219]: Auth Failed: (217.83.227.24:2123)
Dec 29 16:00:05 web Socks5[261]: Auth Failed: (217.83.227.24:2126)
Dec 29 16:00:05 web Socks5[272]: Auth Failed: (217.83.227.24:2124)
Dec 29 16:00:05 web Socks5[277]: Auth Failed: (217.83.227.24:2125)
Dec 29 16:00:07 web Socks5[223]: TCP Connection Terminated: Normal (192.168.20.3:3204 to 202.197.208.15:21) for
Dec 29 16:00:08 web Socks5[278]: TCP Connection Request: Connect (82.80.252.173:3079 to 142.77.2.9:25) for user
Dec 29 16:00:08 web Socks5[278]: TCP Connection Terminated: Abnormal (82.80.252.173:3079 to 142.77.2.9:25) for
Dec 29 16:00:08 web Socks5[243]: TCP Connection Request: Connect (192.168.20.3:3206 to 202.197.208.15:21) for u
Dec 29 16:00:08 web Socks5[266]: TCP Connection Request: Connect (192.168.20.3:3207 to 202.197.208.15:21) for u
Dec 29 16:00:08 web Socks5[264]: TCP Connection Request: Connect (192.168.20.3:3208 to 202.197.208.15:21) for u
Dec 29 16:00:10 web Socks5[243]: TCP Connection Established: Connect (192.168.20.3:3206 to 202.197.208.15:21) f
Dec 29 16:00:10 web Socks5[266]: TCP Connection Established: Connect (192.168.20.3:3207 to 202.197.208.15:21) f
Dec 29 16:00:10 web Socks5[264]: TCP Connection Established: Connect (192.168.20.3:3208 to 202.197.208.15:21) f
Dec 29 16:00:12 web Socks5[248]: TCP Connection Terminated: Normal (192.168.20.3:3205 to 202.197.208.15:21) for
Dec 29 16:00:13 web Socks5[246]: TCP Connection Request: Connect (192.168.20.3:3209 to 202.197.208.15:21) for u
Dec 29 16:00:14 web Socks5[226]: TCP Connection Request: Connect (82.80.252.226:3863 to 63.148.24.210:25) for u
Dec 29 16:00:14 web Socks5[226]: TCP Connection Terminated: Abnormal (82.80.252.226:3863 to 63.148.24.210:25) f
Dec 29 16:00:14 web Socks5[246]: TCP Connection Established: Connect (192.168.20.3:3209 to 202.197.208.15:21) f
Dec 29 16:00:14 web Socks5[236]: TCP Connection Request: Connect (82.80.252.173:3194 to 67.18.32.194:25) for us
Dec 29 16:00:14 web Socks5[236]: TCP Connection Terminated: Abnormal (82.80.252.173:3194 to 67.18.32.194:25) fo
Dec 29 16:00:17 web Socks5[262]: TCP Connection Request: Connect (192.168.20.3:3210 to 202.197.208.15:21) for u
Dec 29 16:00:18 web Socks5[262]: TCP Connection Established: Connect (192.168.20.3:3210 to 202.197.208.15:21) f
Dec 29 16:00:24 web Socks5[280]: TCP Connection Request: Connect (82.80.252.231:4464 to 213.27.192.34:25) for u
Dec 29 16:00:24 web Socks5[280]: TCP Connection Terminated: Abnormal (82.80.252.231:4464 to 213.27.192.34:25) f
Dec 29 16:00:26 web Socks5[247]: Auth Failed: (221.229.219.230:1214)


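Then I took a look with the netstat command (run over SSH from a client machine). It printed a few lines, paused, then printed a few more, and it felt like it would never finish. Below I've pasted what it displayed. I noticed that the Foreign Address column contains many external addresses. Could someone be using my proxy to get online?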

Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 415 218.90.159.126.3336 203.212.2.88.http ESTABLISHED
tcp4 0 2896 192.168.20.254.3128 192.168.20.170.1799 ESTABLISHED
tcp4 0 0 218.90.159.126.socks i528C1756.versan.4357 SYN_RCVD
tcp4 0 0 218.90.159.126.socks i528C1756.versan.4355 SYN_RCVD
tcp4 0 0 218.90.159.126.socks i528C1756.versan.4356 SYN_RCVD
tcp4 0 0 218.90.159.126.socks i528C1756.versan.4353 SYN_RCVD
tcp4 0 0 218.90.159.126.socks i528C1756.versan.4354 SYN_RCVD
tcp4 0 955 218.90.159.126.3335 address1.vip.sc5.http ESTABLISHED
tcp4 0 0 192.168.28.254.3128 192.168.28.74.3055 ESTABLISHED
tcp4 0 0 218.90.159.126.3334 202.102.234.137.http SYN_SENT
tcp4 0 0 192.168.28.254.3128 192.168.28.74.3054 TIME_WAIT
tcp4 0 0 192.168.28.254.3128 192.168.28.74.3053 TIME_WAIT
tcp4 0 344 218.90.159.126.3331 203.212.2.88.http ESTABLISHED
tcp4 0 0 192.168.20.254.3128 192.168.20.170.1798 ESTABLISHED
tcp4 0 0 218.90.159.126.3330 203.212.2.88.http ESTABLISHED
tcp4 0 0 192.168.20.254.3128 192.168.20.170.1797 ESTABLISHED
tcp4 0 415 218.90.159.126.3329 203.212.2.88.http ESTABLISHED
tcp4 0 0 192.168.20.254.3128 192.168.20.170.1796 ESTABLISHED
tcp4 0 406 218.90.159.126.3328 203.212.2.88.http ESTABLISHED
tcp4 0 0 192.168.20.254.3128 192.168.20.170.1795 ESTABLISHED
tcp4 0 415 218.90.159.126.3327 203.212.2.88.http ESTABLISHED
tcp4 0 0 218.90.159.126.33126 203.212.2.88.http ESTABLISHED
tcp4 0 0 218.90.159.126.3325 203.212.2.88.http ESTABLISHED
tcp4 0 415 218.90.159.126.3324 203.212.2.88.http ESTABLISHED
tcp4 0 0 192.168.20.254.3128 192.168.20.162.1813 ESTABLISHED
tcp4 0 395 218.90.159.126.3323 203.212.2.88.http ESTABLISHED
tcp4 0 0 192.168.20.254.3128 192.168.20.162.1812 ESTABLISHED
tcp4 0 0 218.90.159.126.socks pD953E318.dip.t-.3770 TIME_WAIT
tcp4 0 0 218.90.159.126.socks pD953E318.dip.t-.3769 SYN_RCVD
tcp4 0 2 218.90.159.126.socks pD953E318.dip.t-.3768 ESTABLISHED
tcp4 0 0 218.90.159.126.3322 202.101.62.24.http ESTABLISHED
tcp4 0 2 218.90.159.126.socks pD953E318.dip.t-.3767 ESTABLISHED
tcp4 0 0 218.90.159.126.socks pD953E318.dip.t-.3766 TIME_WAIT
tcp4 0 0 192.168.20.254.3128 192.168.20.162.1811 ESTABLISHED
tcp4 0 0 218.90.159.126.3319 202.101.62.24.http ESTABLISHED
tcp4 0 0 218.90.159.126.socks bzq-80-252-230.d.4962 TIME_WAIT
tcp4 0 0 218.90.159.126.3317 202.101.62.24.http ESTABLISHED
tcp4 0 0 218.90.159.126.3320 159.2126.238.59.http ESTABLISHED


I don't know what to do now.
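
One way to triage the Socks5 log lines pasted in the post above, tallying CONNECT requests and authentication failures per client and separating LAN clients from external ones (an added example, not part of the original post). The line format is inferred from the pasted log, the function names are hypothetical, and the sample lines are copied from the post.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Lines copied from the log in the post (truncated as posted).
SAMPLE = """\
Dec 29 16:00:01 web Socks5[231]: TCP Connection Request: Connect (82.80.252.229:1238 to 209.40.104.174:25) for
Dec 29 16:00:01 web Socks5[231]: TCP Connection Terminated: Abnormal (82.80.252.229:1238 to 209.40.104.174:25)
Dec 29 16:00:01 web Socks5[282]: Auth Failed: (82.140.23.86:3180)
Dec 29 16:00:05 web Socks5[219]: Auth Failed: (217.83.227.24:2123)
Dec 29 16:00:05 web Socks5[261]: Auth Failed: (217.83.227.24:2126)
Dec 29 16:00:08 web Socks5[278]: TCP Connection Request: Connect (82.80.252.173:3079 to 142.77.2.9:25) for user
Dec 29 16:00:08 web Socks5[243]: TCP Connection Request: Connect (192.168.20.3:3206 to 202.197.208.15:21) for u
Dec 29 16:00:14 web Socks5[236]: TCP Connection Request: Connect (82.80.252.173:3194 to 67.18.32.194:25) for us
"""

REQ = re.compile(r"Socks5\[\d+\]: TCP Connection Request: Connect "
                 r"\((\d+\.\d+\.\d+\.\d+):\d+ to (\d+\.\d+\.\d+\.\d+):(\d+)\)")
AUTH = re.compile(r"Socks5\[\d+\]: Auth Failed: \((\d+\.\d+\.\d+\.\d+):\d+\)")

def is_external(addr):
    """True when the client address is not private/loopback, i.e. not a LAN client."""
    return not ipaddress.ip_address(addr).is_private

def summarize(log_text):
    """Per external client: CONNECT requests by destination port, and auth failures."""
    requests = defaultdict(Counter)   # client -> {destination port: count}
    auth_failed = Counter()           # client -> count
    for line in log_text.splitlines():
        m = REQ.search(line)
        if m and is_external(m.group(1)):
            requests[m.group(1)][int(m.group(3))] += 1
            continue
        m = AUTH.search(line)
        if m and is_external(m.group(1)):
            auth_failed[m.group(1)] += 1
    return requests, auth_failed

def smtp_request_clients(requests):
    """External clients whose logged CONNECT requests target SMTP (port 25)."""
    return sorted(c for c, ports in requests.items() if ports.get(25))

if __name__ == "__main__":
    reqs, fails = summarize(SAMPLE)
    print("external clients requesting port 25:", smtp_request_clients(reqs))
    print("auth failures by client:", dict(fails))
```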